RFR: 8360564: Implement JEP 524: PEM Encodings of Cryptographic Objects (Second Preview) [v15]

[Mikhail Yankelevich]

On Fri, 7 Nov 2025 17:26:53 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> Hi
>> 
>> Please review the [Second Preview](https://openjdk.org/jeps/8360563) for the PEM API.  The most significant changes from [JEP 470](https://openjdk.org/jeps/470) are:
>> 
>> - Renamed the name of `PEMRecord` class to `PEM`.
>> - Revised the new `encryptKey` methods of the `EncryptedPrivateKeyInfo` class to accept `DEREncodable` objects rather than just `PrivateKey` objects so that cryptographic objects with public keys, i.e., `KeyPair` and `PKCS8EncodedKeySpec`, can also be encrypted.
>> - Enhanced the `PEMEncoder` and `PEMDecoder` classes to support the encryption and decryption of `KeyPair` and `PKCS8EncodedKeySpec` objects.
>> 
>> thanks
>> 
>> Tony
>
> Anthony Scarpino has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 27 additional commits since the last revision:
> 
>  - Merge branch 'master' into pem26
>  - remove PEMRecord import
>  - mistakes
>  - Merge branch 'master' into pem26
>  - minor doc updates, fix some bugs, PEM set to 26
>  - more docs, remove runtimeexception
>  - EKPI has a lot of @link's
>  - docs
>  - more doc updates and zeroing
>  - fix non-pbe
>  - ... and 17 more: https://git.openjdk.org/jdk/compare/a5db9ab2...2ee3e7a4

src/java.base/share/classes/java/security/PEM.java line 144:

> 142:      * @throws IllegalArgumentException if decoding fails
> 143:      */
> 144:     final public byte[] decode() {

This method doesn't seem to be covered by the tests. I have created a ticket to add this https://bugs.openjdk.org/browse/JDK-8371574. 
It also covers the 2 methods in PEM.java in utils, which could be covered further

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2511040775